CVE-2016-9907

CVSS V2 Medium 4.9 CVSS V3 Medium 6.5

Description

Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.

Overview

CVE ID
CVE-2016-9907

Assigner
secalert@redhat.com

Vulnerability Status
Modified

Published Version
2016-12-23T22:59:00

Last Modified Date
2023-02-12T23:27:23

Weakness Enumerations

CWE	URL
CWE-772	http://cwe.mitre.org/data/definitions/772.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
		AND
cpe:2.3:a:qemu:qemu::::::::	1	OR	2.7.1
		AND
cpe:2.3:o:debian:debian_linux:8.0:::::::*	1	OR
		AND
cpe:2.3:a:redhat:openstack:6.0:::::::*	1	OR
cpe:2.3:a:redhat:openstack:7.0:::::::*	1	OR
cpe:2.3:a:redhat:openstack:8:::::::*	1	OR
cpe:2.3:a:redhat:openstack:9:::::::*	1	OR
cpe:2.3:a:redhat:openstack:10:::::::*	1	OR
cpe:2.3:a:redhat:openstack:11:::::::*	1	OR
		AND
cpe:2.3:a:redhat:virtualization:4.0:::::::*	1	OR
cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*	0	OR

CVSS Version 2

Version
2.0

Vector String
AV:L/AC:L/Au:N/C:N/I:N/A:C

Access Vector
LOCAL

Access Compatibility
LOW

Authentication
NONE

Confidentiality Impact
NONE

Integrity Impact
NONE

Availability Impact
COMPLETE

Base Score
4.9

Severity
MEDIUM

Exploitability Score
3.9

Impact Score
6.9

CVSS Version 3

Version
3.1

Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Attack Vector
LOCAL

Attack Compatibility
LOW

Privileges Required
LOW

User Interaction
NONE

Scope
CHANGED

Confidentiality Impact
NONE

Availability Impact
HIGH

Base Score
6.5

Base Severity
MEDIUM

Exploitability Score
2

Impact Score
4

References

Reference URL	Reference Tags
http://www.openwall.com/lists/oss-security/2016/12/08/3	Mailing List Patch Third Party Advisory
http://www.securityfocus.com/bid/94759	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:2392	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2408	Third Party Advisory
https://access.redhat.com/security/cve/CVE-2016-9907
https://bugzilla.redhat.com/show_bug.cgi?id=1402265
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html	Mailing List Third Party Advisory
https://security.gentoo.org/glsa/201701-49	Third Party Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2016-9907
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9907

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 06:58:24				Added to TrackCVE
2022-12-02 12:35:10	2016-12-23T22:59Z	2016-12-23T22:59:00	CVE Published Date	updated
2022-12-02 12:35:10		2021-08-04T17:15:35	CVE Modified Date	updated
2022-12-02 12:35:10		Analyzed	Vulnerability Status	updated
2023-02-02 23:05:46		2023-02-02T21:17:30	CVE Modified Date	updated
2023-02-02 23:05:46	Analyzed	Modified	Vulnerability Status	updated
2023-02-02 23:05:47	Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.	CVE-2016-9907 Qemu: usb: redirector: memory leakage when destroying redirector	Description	updated
2023-02-02 23:05:49			References	updated
2023-02-13 01:06:56		2023-02-12T23:27:23	CVE Modified Date	updated
2023-02-13 01:06:56	CVE-2016-9907 Qemu: usb: redirector: memory leakage when destroying redirector	Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.	Description	updated